
JVN#44724673: Java Web Start vulnerable to execution of unauthorized system classes

Published: 2007-05-08 00:00:00
Source: Japan Vulnerability Notes (jvn.jp)

CVSS2: 10 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.033 Low (Percentile: 91.2%)

Java Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability in an implementation of Java Web Start may allow a Java Web Start application that includes a malformed JAR file to execute an unauthorized system class.

Impact

An arbitrary command or code may be executed, or files on a user’s computer may be overwritten, with the privileges of the user running the application.

Solution

Update the Software
Update to the fixed version from the vendor.

Products Affected

  • SDK 1.4.2 Update 13 and earlier
  • JDK 5 Update 10 and earlier
  • JRE 1.4.2 Update 13 and earlier
  • JRE 5 Update 10 and earlier

For more information, refer to the vendor’s website.
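
A check for whether an installed runtime falls in the ranges listed under Products Affected, added here as an example and not part of the JVN advisory. It assumes Sun's version-string convention (5 Update 10 is reported as 1.5.0_10); the host names and outputs in the inventory are constructed.

```python
import re

# Highest affected update per release family, from "Products Affected" above.
# Assumption: Sun version strings, where "5 Update 10" is written 1.5.0_10
# and "1.4.2 Update 13" is written 1.4.2_13.
LAST_AFFECTED_UPDATE = {"1.4.2": 13, "1.5.0": 10}

# Quoted version in `java -version` output; any trailing suffix is tolerated.
VERSION_RE = re.compile(r'"(\d+\.\d+\.\d+)(?:_(\d+))?[^"]*"')


def classify(version_output):
    """Classify one `java -version` output against the advisory's ranges."""
    match = VERSION_RE.search(version_output)
    if match is None:
        return "unparsed"              # keep for manual review, never assume safe
    family = match.group(1)
    update = int(match.group(2) or 0)  # no "_NN" suffix means the base release
    limit = LAST_AFFECTED_UPDATE.get(family)
    if limit is None:
        return "not-listed"            # family not named in this advisory
    return "affected" if update <= limit else "newer-than-listed"


def needs_attention(inventory):
    """Return sorted host names whose runtime is affected or could not be parsed."""
    return sorted(host for host, out in inventory.items()
                  if classify(out) in ("affected", "unparsed"))


# Constructed inventory (host names and outputs are made up for this example).
SAMPLE_INVENTORY = {
    "build-01": 'java version "1.5.0_10"',
    "build-02": 'java version "1.5.0_11"',
    "kiosk-07": 'java version "1.4.2_13"',
    "kiosk-08": 'java version "1.4.2"',
    "dev-03": 'java version "1.6.0_01"',
    "legacy-1": "java: command not found",
}

if __name__ == "__main__":
    for host in needs_attention(SAMPLE_INVENTORY):
        print(host, classify(SAMPLE_INVENTORY[host]))
```

A "not-listed" result only means the release family is not named on this page; check the vendor's information for those versions.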
